Connect to Neptune on AWS from local machine

Question

I am trying to connect to Neptune DB in AWS Instance from my local machine in office,like connecting RDS from office.Is it possible to connect Neptune db from local machine?. Is Neptune db publicly available.Is there any way developer can connect neptune db from office.

Answer 1

Neptune does not support public endpoints (endpoints that are accessible from outside the VPC). However, there are few architectural options using which you can access your Neptune instance outside your VPC. All of them have the same theme: setup a proxy (EC2 machine, or ALB, or something similar, or a combination of these) that resides inside your VPC, and make that proxy accessible from outside your VPC.

It seems like you want to talk to your instance purely for development purposes. The easiest option for that would be to spin up an ALB, and create a target group that points to your instance's IP.

Brief Steps (These are intentionally not in detail, please refer to AWS Docs for detailed instructions):

1. dig +short <your cluster endpoint> This would give you the current master's IP address.

2. Create an ALB (See AWS Docs on how to do this).

3. Make your ALB's target group point to the IP Address obtained for step #1. By the end of this step, you should have an ALB listening on PORT-A, that would forward requests to IP:PORT, where IP is your database IP (from Step 1) and PORT is your database port (default is 8182).
4. Create a security group that allows inbound traffic from everywhere. i.e. Inbound TCP rule for 0.0.0.0 on PORT-A.
5. Attach the security group to your ALB

Now from your developer boxes, you can connect to your ALB endpoint at PORT-A, which would internally forward the request to your Neptune instance.

Do checkout ALB docs for details around how you can create it and the concepts around it. If you need me to elaborate any of the steps, feel free to ask.

NOTE: This is not a recommended solution for a production setup. IP's used by Neptune instances are bound to change with failovers and host replacements. Use this solution only for testing purposes. If you want a similar setup for production, feel free to ask a question and we can discuss options.

Answer 2

As already mentioned you can't access directly outside your VPC.
The following link describes another solution using a SSH tunnel: connecting-to-aws-neptune-from-local-environment. I find it much easier for testing and development purpose. You can create the SSH tunnel with Putty as well.